Firebase-ios-sdk: Auth crash -[FIRAuth fetchSignInMethodsForEmail:completion:]

Not sure if this is relevant, but the auth methods I have enabled are phone, email, facebook, google, and apple. If I understand correctly apple is in beta so perhaps the code is newer and the issue lurks in there.

Hi @mikehardy, thanks for reporting the issue. Could you provide detailed steps in order to reproduce it on my end? You may also provide a minimal repro that I can run locally to see if it's reproducible.

I understand the desire for both a minimal repro and exact reproduction

However:

• the presence of a stack trace with line numbers should help trace it
• your API docs indicate this crash should be impossible, if there is some problem then I should get an error indicating the email address is mal-formed https://firebase.google.com/docs/reference/ios/firebaseauth/api/reference/Classes/FIRAuth#-fetchsigninmethodsforemail:completion: and since this has one argument which should be validated, it should be one of those types of errors (like null pointer exceptions) that should be easily visible via code inspection

The error isn't at a frequency yet where I can provide exact reproduction however in my app flow, this is potentially the first Firebase Auth SDK call made.

It would work out like this:

• in an app with social auth (apple, google, facebook) enabled;
• attempt to login to one of those social providers using their SDKs
• use the email provided by the social provider SDK in FIRAUth.fetchSignInMethodsForEmail
• crash, sometimes, with this trace

Note that Apple Sign-in does not provide the email address all the time, and sometimes they provide an anonymous one. Perhaps the code is not correctly handling the case where I attempt to send in an empty or null email address. I can't tell myself because the auth module is not open sourced here

Reported Warfalamei for spam.

@renkelvin from what I understand Sign in with Apple sometimes causes _identifier to be nil on this line.

@mikehardy if you're able to reproduce the crash, can you put a breakpoint on that line and print out the values of _identifier and _continueURI?

Oo - didn't realize auth was open source, I should have looked myself. It does stand to reason that one of those two items is nil though.

Unfortunately I've not been able to reproduce it myself so I'm not sure I'll ever have a result but I will put that breakpoint on. It's much more likely that I could integrate a patch against the Pod source that logged the values via crashlytics such that they were available in any future crash trace

As mentioned above I'm consuming this API from react-native which has the unfortunate implication my Obj-C skills are weak, but I'm good at handling source if you could suggest the appropriate crashlytics API calls to log the same - I think it would just be one or two lines to patch in there?

You can use this method and set a bool to true if the email exists and false if it's nil.

I haven't done a production build with any augmented logging in it yet, but this is a strong indication that my code is feeding something unexpected to the SDK layer - this is Java but I thought it was interesting as it's a crash that just recently started popping up:

Fatal Exception: java.lang.IllegalArgumentException: Given String is empty or null
       at com.google.android.gms.common.internal.Preconditions.b(Preconditions.java:11)
       at com.google.firebase.auth.FirebaseAuth.fetchSignInMethodsForEmail(FirebaseAuth.java)
       at io.invertase.firebase.auth.RNFirebaseAuth.fetchSignInMethodsForEmail(RNFirebaseAuth.java:15)
       at java.lang.reflect.Method.invoke(Method.java)
       at com.facebook.react.bridge.JavaMethodWrapper.invoke(JavaMethodWrapper.java:149)
       at com.facebook.react.bridge.JavaModuleWrapper.invoke(JavaModuleWrapper.java:21)
       at com.facebook.react.bridge.queue.NativeRunnable.run(NativeRunnable.java)
       at android.os.Handler.handleCallback(Handler.java:873)
       at android.os.Handler.dispatchMessage(Handler.java:99)
       at com.facebook.react.bridge.queue.MessageQueueThreadHandler.dispatchMessage(MessageQueueThreadHandler.java)
       at android.os.Looper.loop(Looper.java:214)
       at com.facebook.react.bridge.queue.MessageQueueThreadImpl$4.run(MessageQueueThreadImpl.java:37)
       at java.lang.Thread.run(Thread.java:764)

Here is that chunk of code, for what it's worth (though with a single-argument method this isn't the most complicated thing to reason through): https://github.com/invertase/react-native-firebase/blob/v5.x.x/android/src/main/java/io/invertase/firebase/auth/RNFirebaseAuth.java#L1595

The easiest thing to do for me is to check for empty or null prior to calling in to these methods (java and ios) but similar to the ios one, it would be nice if the documented exception was returned in a promise rejection vs a crash (https://firebase.google.com/docs/reference/android/com/google/firebase/auth/FirebaseAuth.html#public-tasksigninmethodqueryresult-fetchsigninmethodsforemail-string-email) - I mean that nicely by the way, I'm aware this is a gigantic pile of code+complexity and I'm happy with the way it works in general

Cheers!

Potentially a similar report here: https://github.com/firebase/FirebaseUI-iOS/issues/830

I'm afraid I will provide no future logs as my fix of simply null/empty checking prior to calling the method was sufficient, I have no new crash reports here. (and worth saying if an real email does go in there, the functionality is working, so apart from having to do a client-side check, the API is working)

Thanks